Skip to end of metadata
Go to start of metadata

Vivi also integrates with Azure and by extension Microsoft O365. You do need a a Premium P1 Azure Active Directory Licence to set up this integration.

One you have set Authentication to SAML and have your SAML metadata URL follow the below.


  1. Go to "Azure Active Directory" > "Enterprise applications"
  2. Click "New application", then "All", then "Non-gallery application"
  3. Enter "Vivi" for the name and click "Add" and wait until you end up at "Quick start"

  4. Click "Configure single sign-on"
  5. For "Single Sign-On Mode" select "SAML-based Sign-on"
  6. For "Identifier" enter the SAML metadata URL, "https://api.vivi.io/api/v1/users/saml_metadata/<your organisation id>"
  7. For "Reply URL" enter "https://api.vivi.io/api/v1/users/saml"
  8. Download the "SAML Signing Certificate" as "Certificate (Base64)"
  9. Copy the contents of this file into "SAML Token-Signing Certificate" on Vivi
  10. Press "Save"
  11. Press "Configure Vivi"
  12. Copy the "SAML Single Sign-On Service URL" value into "SAML SSO URL" on Vivi, "https://login.microsoftonline.com/<your application id>/saml2"
  13. Ignore the rest of the values, especially the "Sign-Out URL", leave "SAML SLO URL" blank on Vivi

  14. Go back to "Azure Active Directory" and then to "App registrations"
  15. Find the "Vivi" application and select it
  16. Click "Manifest" to view the JSON configuration
  17. Find "groupMembershipClaims" and change the value from null to "SecurityGroup" (with quotes)
  18. Click "Save"
  19. Go back to the application and click "Settings" and then "Properties"
  20. For "Logout URL" enter "https://api.vivi.io/api/v1/users/saml_logout/<your organisation id>"
  21. Click "Save"

  22. Go back to "Enterprise applications" > "Vivi" > "Users and Groups"
  23. Only users and groups explicitly added here will be able to sign in to the application
  24. Nested groups can't be assigned yet according to Microsoft: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/15718164-add-support-for-nested-groups-in-azure-ad-app-acc
  25. Alternatively, you can disable "User assignment required?" in "Vivi" > "Properties" to allow all users to sign in

  26. For "SAML Name Attribute" enter "http://schemas.microsoft.com/identity/claims/displayname"
  27. For "SAML Email Attribute" enter "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
  28. For "SAML Group Attribute" enter "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
  29. For "SAML Presenter Group" and "SAML Student Group" use the "Object ID" found on the groups you want to use
  • No labels